Yahoo secretly scanned customer emails for US intelligence

Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: â€œWe have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.â€

For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.'”

About The Author

22 Comments

A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: â€œWe have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.â€

For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.'”

No surprise they would say this, but it would be more credible if they had been honest about their roles in the NSA PRISM programs. Who’s to say they’re not lying again this time?

I hate to assume guilt if it’s not true, but if they really cared about society’s privacy they would absolutely be promoting federated protocols where we are in control of our own data. Instead they keep pushing centralized models where the best they can do is say “trust us”, and we’re forced to take their word for it (just like before).

Microsoft: â€œWe have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.â€

Google: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.'” [/q]

[q]No surprise they would say this, but it would be more credible if they had been honest about their roles in the NSA PRISM programs. Who’s to say they’re not lying again this time?

Who is talking about lying? Both statements offer plenty of room for legal interpretation, and they can both be perfectly true even if the NSA or FBI has full and direct access to everything Microsoft and Google store on their servers.

Who is talking about lying? Both statements offer plenty of room for legal interpretation, and they can both be perfectly true even if the NSA or FBI has full and direct access to everything Microsoft and Google store on their servers.

Yes, with care you can redefine almost anything to convert a lie into a truth, but I’d still call it lying if the intent was to mask the truth.

I doubt these spokespersons would even know if it was true. Seriously, whenever these things happen, the information is very likely on a need to know basis.

To me these statements very much read like they are vetted by a legal department. These companies have to walk a fine line between gag orders and NDAs on the one hand, and shareholders and public opinion on the other hand. I don’t think they’ll leave much to chance, especially not if, like you mention, a spokesperson needs to assume he only has access to a subset of the information.

if only things worked that way. even if there were a revolution the division is so wide anything to replace it might be even worse. in this case the best hope is that individual states recognize that the contract set up by the constitution between the federal government and the states has been turned into toilet paper by the federal government and act accordingly. That route might still bloodless.

I worked in black hat during the 90s and there were executive orders against collecting on US soil against US citizens. Not sure who rescinded this order but its full on abuse today.

Our government is not one of the people, for the people, by the people. It has always been one of the powerful & wealthy, for the powerful & wealthy, by the powerful & wealthy. This is why so many people are pissed and why there’s so little we can actually do about it. What people need to understand is that the `game` is rigged, and swapping out random players here & there will never fix that.

Now, even if there were companies that truly wanted to preserve privacy and defend the 1st and 4th amendments, they will always be subject to our governments self-given power to override or ignore any law they wish. Our constitution isn’t respected, it’s an irritant and an obstacle to those who want to maintain control. We the people don’t run the show, we’re simply an inconvenience for those who do. I’m sure these companies either by their own will or court order will scan emails, lie about it, and not even think twice. We’ve already been to this rodeo.

Our founders provided a solution to dealing with an oppressive Government, Any means available is legal and was established as precedent in our Declaration Independence and subsequent revolution.

You’re forgetting the more recent precedent established in the somewhat lively debate held between 1860 and 1865.

As a result of that “discussion”, rebellion can be squashed by military force, and if you think you’ve got the chops to take on one of the most powerful military forces on the planet, think again.

Finally, while it may be more satisfying to pummel your enemies and see them run from your blazing semi-automatic weapons, remember that as a rule, historically, change comes about not through rebellion, but through politics– The colonies were about the only successful rebellion against the British Empire, and if it hadn’t turned into a bit of a global conflict, it’s questionable whether we would have succeeded then.

Isn’t it clear by now to everyone that all personal data/correspondence/finger prints/etc. provided (or obtained without user consent) to any US corporation in any way is being scanned by FBI/CIA/etc.?